CVE-2021-37714 - Denial of Service (DoS)
Severity: High2021-12-10
Abstract
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack.
The Oxygen Feedback product incorporates the jsoup as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Feedback 1.4.3 and older | High | Oxygen Feedback 1.4.4 build 2021062217 |
Detail
CVE-2021-37714
Severity: High
CVSS Score: 7.5
The jsoup third-party library used by Oxygen XML software products is an affected version mentioned in CVE-2021-37714 vulnerability description.
Starting with Oxygen Feedback version 1.4.4, the jsoup was updated to version 1.14.2, which includes a fix for CVE-2021-37714.